Category: online security

The FTC is warning of a surge in tech support scams, many of which can be difficult to spot.

In a recent widespread scam, a company calling itself Elite IT Partners, Inc., purchased keywords so it showed in searches for password recovery assistance. Victims contacted the “company,” which asked them to fill out an online form with their contact information. Scammers then called the victims, asking for remote access to their computers. Once inside, they used phony evidence to convince victims that their computers were in need of repairs requiring pricey software. The scammers accepted payment for this software, but did not provide it.

Tech support scams don’t always follow the above script. Here are two other common scenarios:

1. Phone calls
In this variation, scammers spoof the numbers of well-known companies claiming they’ve found a problem with the victim’s computer. They’ll ask for remote access to it, run a “diagnostic test,” and plant bogus problems. They’ll then ask the victim to pay an exorbitant amount of money to get the issue fixed.

2. Pop-up warnings
Sometimes, a tech-support scammer will target victims with an alarming pop-up warning. The pop-up might look like a legitimate error from the victim’s system or antivirus software. The message will warn about a computer security issue and instruct the victim to call a listed number. Once the victim calls, they’ll be asked to grant the scammer remote access to their computer. The scam will then proceed much like what’s described above.

Red flag: Legitimate security warnings from tech companies will never ask you to call a phone number.

If you’ve been scammed
Are you a victim of a tech-support scam? It may not be too late to reclaim your money.

If you paid via credit or debit card, you may be able to stop the transaction. Contact your credit card company or [credit union] about contesting the charge.

You’ll also want to update your computer’s security software and run a scan. Delete anything your computer identifies as a security issue. Be sure to change your usernames and passwords as well.

Finally, don’t forget to report your scam to the FTC.

Your Turn: Have you been targeted by a tech-support scam? Tell us about it in the comments.

Cash is so overrated. Why fumble through wads of crumpled bills and piles of change when you can easily pay back the $6.75 you borrowed from your friend simply by using your phone?

Peer-to-peer (P2P) payment systems are changing the way we handle our money and our social finances forever. Eating out and splitting the tab is super-easy. Collecting money for a shared gift is no longer a hassle. Paying back borrowed money can be done anywhere, and at any time.

First popularized by PayPal, the world of P2P systems has exploded. Many financial institutions Advantage One, offer the option of P2P payments between members, and lots of social media platforms let you transfer money between friends as well. However, the most popular way to pay a friend back is through money transfer apps like PayPal’s Venmo, Square’s Cash App and Zelle. In fact, according to eMarketer, the total value of mobile P2P transactions in the U.S. could increase from $156.49 billion to $244.03 billion from 2018 to 2021.

Are P2P payments really the wave of the future, or just the latest hype? Read on for all your questions on P2P payment systems, answered.

How do P2P payments work?
Say you’re eating out with a bunch of friends and your pal, Meghan, offers to cover the tab and have everyone pay her back. She hands her card to the server while you and your friends pull out your phones. You’ll open up the cash-transfer app of your choice and find Meghan in your contact list. Just key in the amount you owe and send. You may have to input your PIN or prove your identity in another way before the transaction is finalized. Within seconds, Meghan will get a notification that the money’s been sent. Once the funds actually transfer, Meghan can choose to leave them in the P2P account until it’s her turn to pay, or she may move the money to a checking account at the financial institution of her choice.

Will it cost me to transfer money?
Depending on the service provider you use, there may be a fee for transferring money through your phone.

Most P2P systems will allow you to make a payment from a linked financial account or directly into the P2P account at no cost. However, several providers will take 2-3 percent of any payment made with a debit or credit card. Also, if you want your transfer to happen immediately, you’ll usually have to pay: Square Cash will charge a 1.5 percent fee while Venmo takes a flat $0.25 for every instant transfer.

How long will it take for the money transfer to clear?
Your friend will receive notification of your payment soon after you hit the send button. However, the actual money transfer usually takes one to three business days to clear. As mentioned, if you really need that transfer to clear your account immediately, most providers allow you to pay a small fee to make that happen.

Are P2P payments safe?
All P2P systems are careful to encrypt your financial information and to use security measures for protecting your funds. However, these measures aren’t foolproof. Many P2P systems have been targeted by hackers and scammers.

Protect yourself from P2P scams by taking the following steps:

Use two-factor identification and a PIN before completing a transaction.

Asked to be notified about every transaction.

Never use a P2P service for business purposes or for a money transfer with someone you don’t personally know.

Triple-check your recipient’s information before you send a payment; a misspelled email address could send your money to the wrong person.

If something goes wrong with a P2P payment, who is responsible for covering the loss?
Unfortunately, if you’ve been scammed or have had another issue with a P2P payment, you’re on your own. Most services will offer their assistance to law enforcement agencies and notify users if they’ve been scammed, but that’s usually the extent of their fraud protection.

If you choose to use your P2P payment service for a business-related transfer, fraud protection is limited even further. P2P services were created to be a means of transferring funds from friend to friend; most services clearly state in their policies that their platforms should not be used in business transactions. Many consumers, though, choose to ignore these warnings and use Venmo and Square Cash to pay for goods they’ve bought on Craigslist, to sell a used item or even to accept funds for a service they’ve provided.

If you disregard these rules, the service will likely offer no fraud protection or assistance in reclaiming lost funds. Many of them will not even honor a business transaction at all. It’s best to only use P2P payment services among friends and people you know and trust.

Lots of users mistakenly think their financial institution will back them up if a P2P payment goes sideways. However, financial institutions like Advantage One are never responsible for a P2P payment transfer. While we never want to see you lose money for a simple mistake or because you’ve been victimized by a scam, there’s not much we can do about it after the fact. For this very reason, we strongly advocate practicing caution when transferring money online or by app.

In short, if something goes wrong with a P2P payment, you’ll be the one who is responsible for the fallout.

When used responsibly, P2P payment transfers can be a super-convenient way for friends to share expenses or pay back borrowed funds.

Your Turn:Do you use a P2P payment system? Tell us all about it in the comments, below.

P2P payment services, like Venmo, Zelle and Square’s Cash App, are aiming to make cash obsolete – and some would contend they’re succeeding! Just a few quick swipes, and you can transfer funds to a friend, pay for an item you bought online or collect money that’s owed to you.

Convenient as they are, P2P payment systems have unfortunately become a breeding ground for scams and hacks. From compromised accounts to fraudulent transactions, using a P2P service opens you to some risk of losing your money to a scammer.

Read on to learn how to better protect yourself from a P2P payment scam.

How do P2P payment scams happen?There are lots of ways using a P2P payment system can put you at risk, but the following two vulnerabilities are most common:

1.) The bogus buyerIn most cash-transfer apps, when you receive a payment, the money goes into your P2P system balance and stays there until you transfer it to an external account or use it to pay for another transaction. This transfer usually takes one to three business days to clear. Crooked scammers are taking advantage of that “float” in the transfer process to con you out of your money.

Here’s how it works:A scammer will contact you about an item you’ve put up for sale or tickets to an event. Together, you’ll arrange for an exchange of funds and goods. You may even take precautions against a possible scam by insisting on an in-person meeting for the exchange or refusing to send out the item until you see the money in your P2P account. Things proceed according to plan. You’re notified that the money has been sent to your account and you hand over your item. Sadly, you won’t realize you’ve been ripped off until a few days later when the money transfer does not clear and the contact has disappeared with your goods. Unfortunately, there’s no way you can get your money back, because most P2P providers will not offer compensation for a fraudulent sale. Similarly, your linked financial institution bears no responsibility for the scam and can’t help you recoup the loss.

2.) Publicized paymentsPayPal’s Venmo is the only P2P app with a built-in social networking component. This feature has led to a host of privacy issues that have been brought to the attention of the Federal Trade Commission (FTC).

In short, every Venmo transaction you make is up for public scrutiny. No one can access the payment amounts, but anyone who is interested can track the restaurants where you like to eat, the clothing stores you most frequent and check out when you last filled your gas tank. Creepiness factor aside, all that information going public makes Venmo users super-vulnerable to scammers and identity thieves.

Venmo allows you to tweak your privacy settings to keep your information from going public, but most people are unaware of the issue and/or neglect to take this measure. Recently, the FTC ruled that Venmo must make this detail clearer to users. Venmo has since created a popup tutorial for all new users demonstrating how to adjust your privacy settings to keep your transactions from going public. If you choose to use Venmo, check your settings to be sure your money habits aren’t being broadcast for the world to see.

Protecting yourselfYou can keep your money safe and still enjoy the convenience of cash-transfer apps with these simple steps:

Only send money to people you know and trust.

Never use a P2P service for business-related transactions.

When using Venmo, adjust your privacy settings and opt-out of public tracking.

Carefully read the terms and conditions of a P2P service before using.

Keep your credit cards safe. Store your cards in a secure wallet or purse. After making a purchase, immediately return your card to that place.

Don’t allow websites to “remember” your card number. Only let secure payment portals, like GooglePay and PayPal, remember your card number. An even better practice is to never check the “remember card number” box for any site or portal.

Be wary when shopping online. Before using your credit card online, verify the site’s security and that the URL is authentic—there’s an “s” after the “http” in the web address, and a lock icon as well.

Report lost or stolen cards immediately. The sooner you report a missing card, the less liability you’ll have for fraudulent charges made with your card.

The days of handouts and begging loans off wealthy relatives are fast becoming extinct. Today, if you need boatloads of money—whether it’s to help you cover an expensive emergency or to fund a new business idea—you only need to appeal to the vast audience of the internet and wait for the money to start rolling in.

But, they’re also packed with scammers.
For instance, an Iowa woman raised thousands of dollars on GoFundMe for her daughter’s terminal cancer—which would be heartwarming were it not for the fact that her daughter is perfectly healthy.

In a second example, an American company called Triton claimed to have created a device enabling people to breathe underwater. The IndieGoGo page they set up to raise funds for production pulled in $850,000 in just a few days. Sounds inspiring until you realize their supposed invention is more like something out of a sci-fi movie. In reality, Triton fooled many people with an invention that only existed in their imagination.

In yet another incident that garnered national attention, a New Jersey couple teamed up with a homeless veteran from Philadelphia to start a bogus GoFundMe page. The couple claimed the veteran had used his last $20 to buy gas for the wife when she was stranded on Interstate 95. It was the perfect feel-good story, with just enough pathos and emotion to get people to part with their money—to the tune of $400,000, in fact.

Later, when the veteran accused the couple of withholding his money, the case went to court. Proceedings are currently ongoing, but authorities believe the campaign was a scam and that the couple allegedly burned through a whopping $350,000 of donated funds in just a few months.

While some crowdfunding platforms will refund your money if a cause turns out to be a scam, most of them will keep a portion of it for themselves, so don’t plan to get back every penny if you get caught up in a scam. There’s also the possibility of a crowdfunding scam remaining undetected, allowing the scammers to live it up on everyone else’s dimes. Even if your money does land back in your wallet, it’s never a good feeling to know you’ve been conned.

So, don’t let the scammers out there ruin it for everyone else! You should be able to share your money with any cause you believe in. Here are some tips to help ensure you’re chipping in for something genuine.

How to check a campaign for legitimacy
Whether it’s a heartbreaking story or a brilliant business venture you want to support, you’ll first want to research the campaign’s creator. Google their name to see what the internet has to say about them. Also, look up their street address and phone number to verify they’re using their real name, and check whether they’ve started any crowdfunding campaigns in the past.

If you’re looking at a charity campaign, your next step is to take emotion out of the picture. Charity crowdfunding scams succeed by playing with people’s heartstrings. Take the time to study the campaign with pure logic. Does the story really make sense? If you still think it’s legitimate and everything seems to check out, you can choose to donate. Or, you can take your caution one step further by contacting the campaign’s creator and asking for verification of their cause. If they’re genuinely in need, they’ll gladly supply you with names of doctors or references. But if they sound hesitant, or refuse to answer your questions, opt out.

If you’re looking at a crowdfunding campaign for a new business idea, ask yourself if the project is realistic. There are currently several GoFundMe pages set up by individuals with the goal of fighting ISIS. Sounds good until you realize how impossible it is for a single person to achieve such a goal. Lots of inventions or other business ideas also sound incredible until you realize they’re only possible in a fantasy world. Don’t help a business venture get off the ground until you can verify that it’s actually legitimate.

Do your due diligence with crowdfunding campaigns, and you can donate with confidence.

Your Turn:
Do you have a crowdfunding horror story? Tell us all about it in the comments.

Each year, the IRS publishes the “Dirty Dozen,” a list of 12 scams that are rampant during that year’s tax season.

This year, the IRS is cautioning taxpayers to be extra vigilant because of a 60% increase in email phishing scams over the past year. This is particularly disheartening, since it comes on the heels of a steady decline in phishing scams over the previous three years.

Typically, an email phishing scam will appear to be from the IRS. Once the victim has opened the email, the scammer will use one of several methods to get at the victim’s personal information, including their financial data, tax details, usernames and passwords. They will then use this information to steal the victim’s identity, empty their accounts or file taxes in the victim’s name and then make off with their refund.

Scammers have several means for fooling victims into handing over their sensitive information. The most popular tax-related phishing scams include the following:

Tax transcript scamsIn these scams, victims are conned into opening emails appearing to be from the IRS with important information about their taxes. Unfortunately, these emails are bogus and contain malware.

Threatening emailsAlso appearing to be from the IRS, these phony emails will have subject lines like “IRS Important Notice” and will demand immediate payment for unpaid back taxes. When the victim clicks on the embedded link, their device will be infected with malware.

Refund reboundIn this scam, a crook posing as an IRS agent will email a taxpayer and claim the taxpayer was erroneously awarded too large a tax refund. The scammer will demand the immediate return of some of the money via prepaid debit card or wire transfer. Of course, there was no mistake with the victim’s tax refund and any money the victim forwards will be used to line the scammer’s pockets.

Phony phone callIn this highly prevalent scam, a caller spoofs the IRS’s toll-free number and calls a victim, claiming they owe thousands of dollars in back taxes. Those taxes, they are told, must be paid immediately under threat of arrest, deportation or driver’s-license suspension. Obviously, this too is a fraud and the victim is completely innocent.

If you’re targetedWhen targeted by any scam, it’s crucial to not engage with the scammer. If your Caller ID announces that the IRS is on the phone, don’t pick up! Even answering the call to tell the scammer to get lost can be enough to mark you as an easy target for future scams. If you accidentally picked up the phone, hang up as quickly as possible.

Similarly, suspicious-looking emails about tax information should not be opened. Mark any bogus tax-related emails that land in your inbox as spam to keep the scammers from trying again.

If you’re targeted by a tax scam, report the incident to help the authorities crack down on these crooks. Forward suspicious tax-related emails to phishing@irs.gov. You can also alert the Federal Trade Commission at FTC.gov.

Protect yourself from tax scamsStay one step ahead of scammers this tax season by being proactive. Protect yourself with these steps:

File early in the season so scammers have less time to steal your identity, file on your behalf and collect your refund.
Use the strongest security settings for your computer and update them whenever possible.
Use unique and strong passwords for your accounts and credit or debit cards.
Choose two-step authentication when conducting financial transactions online.

Remember, the IRS will never:Call about taxes owed without having first sent you a bill via snail mail.
Call to demand immediate payment over the phone.
Threaten to have you arrested or deported for failing to pay your taxes.
Require you to use a specific payment method for your taxes.

Ask you to share sensitive information, like a debit card number or checking account number, over the phone.

Be alert and be careful this tax season and those scammers won’t stand a chance!

Your Turn:Have you ever been targeted by a tax scam? Share your experience with us in the comments.

With its wide range of features, easy-to-use interface and streamlined access, Facebook is the darling of the social media age. It helps people stay connected with family and friends, allows new relationships to blossom and creates a culture of community for new and established businesses alike.

However, in December, Facebook announced its internal team found a photo API bug in its platform which may have exposed the unshared photos of 6.8 million users. As the latest in a stream of publicized security issues, this breach has the public confused and worried about their privacy.

Read on for all you need to know about the recent Facebook bug.

What happened because of the photo bug?
According to Facebook’s policy, apps linked to Facebook are only allowed to access photos that users give them permission to view, such as those posted on their Facebook timeline. The recent bug, however, may have allowed third-party apps to access loads of other pictures without their user’s knowledge and permission.

An estimated 1,500 apps built by 876 developers were affected by the bug. All of these apps are approved by Facebook, and were authorized by users to access their photos.

The photos breached include those shared on Facebook Stories or Marketplace as well as photos that had been uploaded but weren’t yet posted on Facebook.

The bug was active from Sept. 13 to Sept. 25, 2018. Although, Facebook waited to come clean about the breach in mid-December, 2018.

What steps has Facebook taken to fix the bug?
Facebook fixed the bug as early as Sept. 25 and has openly apologized for the breach. They have promised to let app developers know which of their users have been affected by the bug so they can take steps on their own. Facebook has also claimed to be working on strengthening their platform’s privacy to prevent future photo leaks and security breaches.

When asked why the social media giant did not inform the public about the bug immediately, a Facebook representative told CNN Business, “We have been investigating the issue since it was discovered to try and understand its impact so that we could ensure we are contacting the right developers and people affected by the bug. It then took us some time to build a meaningful way to notify people, and get translations done.”

Despite the statement, the jury remains out on whether Facebook has really taken the responsible course of action after the bug was discovered.

What does the bug mean for impacted Facebook users?
Having your unshared photos posted on public forums can lead to a host of safety issues. Thankfully, no crimes have been linked to the photo leak to date, but crooks can use revealing photos to stage a home robbery or worse. For reasons such as this, it’s always best to use the strongest privacy settings on your social media platforms and to be super-careful about which apps you allow to access your photos.

To be extra careful and keep yourself safe in the event of security breaches like Facebook’s recent photo bug, never post pictures that are too revealing about your personal life and your financial situation.

How can I check if my photos were leaked?
Facebook has issued an official alert to all affected users with clear steps for protecting their photos. The alert directs users to a Help Center Page where they can check if they’ve used any apps affected by the bug and get instructions on how to proceed from there.

Facebook also advises users to log into any apps they use to share photos and check which ones are accessible. If you’re worried about an app’s privacy, log into Facebook’s Manage Your Apps page and contact the app developer directly to inquire about the accessibility of your photos.

Facebook’s latest security breach may have impacted millions of users, but with the proper reactive steps and an eye toward a more secure future, it can help the social media giant and all its users practice stronger security measures and protect their privacy against potential breaches.

Your Turn:
Have you been impacted by Facebook’s latest breach? Share your experience with us in the comments below.